end point nac

Symantec Endpoint Protection 11Symantec Network Access Control 11

Symantec Endpoint Protection and Symantec Network Access Control June 2007 2

Symantec™ Global Intelligence Network

Hundreds of MSS customersMillions of security alerts per monthMillions of threat reports per month200,000 malware submissions per month

Twyford, England

Munich, Germany

Alexandria, VA

Sydney, Australia

Redwood City, CA

Santa Monica, CA

Calgary, Canada

San Francisco, CA

Dublin, Ireland

Pune, IndiaTaipei, Taiwan

Tokyo, Japan

>6,200 Managed Security Devices + + AdvancedHoneypot Network120 Million Systems Worldwide 30% of World’s email Traffic +

74 Symantec Monitored Countries+4 Symantec SOCs 40,000+ Registered Sensors

in 180+ Countries+ + 8 Symantec Security Response Centers


Threat Landscape Is Evolving

Percentage of Top 50 Malicious Code


Number of Zero Day threats

Threat Landscape is Evolving


Causes of Sensitive Data Loss

0% 10% 20% 30% 40% 50%

ITPolicyCompliance.com“Taking Action to Protect Sensitive Data”, Feb. 2007

User Errors

Violations of Policies

Internet Threats,Attacks and Hacks

Cause of Data Losses by Number of Events


Meet Hal, the IT Administrator

http://www.symantec.com/backupexec/hal1/


Addressing IT Risks & Enabling IT Performance

MaximizeIT Performance

ManageIT Risk

Information

Interactions

Infrastructure


Symantec Enterprise Solutions:A Powerful Combination of Product & Services

SECURITY IT COMPLIANCE

BUSINESS CONTINUITYSTORAGE IT OPERATIONS

ManageIT Risk

MaximizeIT Performance

INFORMATION MANAGEMENT


Symantec Endpoint Protection in a Nutshell

• The World’s leading anti-virus solution• More consecutive Virus Bulletin certifications (31) than

any vendor

• Best anti-spyware, leading the pack in rootkit detection and removal

• Includes VxMS scanning technology (Veritas)

• Industry’s best managed desktop firewall• Adaptive policies lead the pack for location awareness• Sygate and Symantec Client Security

• Behavior-based Intrusion prevention (Whole Security)• Network traffic inspection adds vulnerability-based

protection

• Device control to prevent data leakage at the endpoint (Sygate)

• Restricts access to registry, files, folders, and processes

• Includes a NAC agent to ensure each endpoint is “NAC-ready” (Sygate)

• Adds endpoint compliance to endpoint protection

AntiVirus

Antispyware

Firewall

IntrusionPrevention

Device and ApplicationControl

Network AccessControl


Ingredients for Endpoint Protection

AntiVirus

AntiVirus

• World’s leading AV solution• Most (32) consecutive VB100 Awards



AntiVirus

AntiVirus

• AV Comparative Feb 2007• Symantec on 100% detection for polymorphic

viruses in particular



AntiVirus

Antispyware

Antispyware

• Best rootkit detection and removal• Raw Disk Scan for superior Rootkit protection

Source: Thompson Cyber Security Labs, August 2006



AntiVirus

Antispyware

Firewall

Firewall

• Industry leading endpoint firewall technology• Gartner MQ “Leader” – 4 consecutive years• Rules based FW can dynamically adjust port

settings to block threats from spreading



Antivirus

Antispyware

Firewall

IntrusionPrevention

Intrusion Prevention

• Most Comprehensive IPS capabilities in the industry• Generic Exploit Blocking (GEB) – one

signature to proactively protect against all variants

• Proactive Threat Scan –

Detects 1,000 threats/month not detected by top 4 leading antivirus engines

• Very low false positive rate (0.004%)• Only 40 FP for every 1M computers

• No set up or configuration required


Intrusion Prevention System (IPS)Combined technologies offer best defense

(N)IPSNetwork IPS

(H)IPSHost IPS

Application Control Rules-based(System lockdown by controlling an application’s ability to read, write, execute and network connections)

Proactive Threat ScanBehavior-based(Whole Security)

Deep packet inspectionSignature–based(Can create custom sigs, SNORT-like)

Generic Exploit BlockingVulnerability-based(Sigs for vulnerability)

IntrusionPrevention

(IPS)

=Services Opportunity



AntiVirus

Antispyware

Firewall

IntrusionPrevention

Device Control

Device Control

• Prevents data leakage• Restrict Access to devices (USB keys, Back-

up drives)• W32.SillyFDC (May 2007)

W32.SillyFDC

• targets removable memory sticks

• spreads by copying itself onto removable drives

such as USB memory sticks

• automatically runs when the device is next

connected to a computer

=Services Opportunity


Ingredient for Endpoint Compliance

AntiVirus

Antispyware

Firewall

IntrusionPrevention

Device Control


Network Access Control

• Network access control – ready• Agent is included, no extra agent deployment• Simply license SNAC Server


Symantec Network Access Control

1. Reduce IT costs & greater network availability

2. Increased control over unmanaged and managed endpoints

3. Maximize investment of security technologies

Ensures endpoints are protected and compliant prior to accessing network resources


Introducing: Single Agent, Single Console

Results:

Reduced Cost, Complexity &

Risk Exposure

Increased Protection, Control &

Manageability

Symantec Endpoint Protection 11.0

Symantec Network Access Control 11.0

AntiVirus

Antispyware

Firewall

IntrusionPrevention

Device Control



How do we Lower Cost, Complexity and Risk?• Cost

– Lowered system resource demands, smaller footprint

– Single product, license, support program

– Operational efficiency

• Complexity– Fewer consoles and agents allows

standardization of technologies– Improved UI suits any size organization

• Risk– Includes behavior-based IPS to protect

against unknown attacks– Device control helps protect against

data loss and intellectual property theft Average of 84% reduction in memory usage requirements

Product Baseline Memory Usage

Symantec AntiVirus Corporate Edition 62 MB

Symantec Client Security 129 MB

Symantec AntiVirus + Symantec Sygate Enterprise Protection

72 MB

McAfee Total Protection SMB 71 MB

Trend Micro OfficeScan Client Server 50 MB

Symantec Endpoint Protection 11.0 21 MB!????


Symantec AntiVirus Extended Licensing

Symantec Endpoint

Protection

Symantec Endpoint

Protection Small Business Edition

Symantec Multi-tier

Protection

Antivirus X X X

Antispyware X X X

Desktop Firewall X X X

Intrusion Prevention X X X

Device Control X X X

Mail Security X MS Exchange

X MS Exchange/Domino/SMTP

Gateway

Antivirus for Mac and Linux

X


LAN-802.1x(Appliance)

Endpoint(Uses SEP Desktop

Firewall)

Gateway(Appliance)

DHCP(Appliance/Plug-in)

Client(Persistent)

On-Demand(Dissolvable)

Agentless(Scanner)

Enforcement Type Agent Type

SymantecNetworkAccess Control

v11.0

SymantecNetworkAccess Control

Starter EditionV 11.0

SNAC Packaging

Back to Table


For More Information…www.symantec.com/endpointsecurity


© 2007 Symantec Corporation. All rights reserved.

THIS DOCUMENT IS PROVIDED FOR INFORMATIONAL PURPOSES ONLY AND IS NOT INTENDED AS ADVERTISING. ALL WARRANTIES RELATING TO THE INFORMATION IN THIS DOCUMENT, EITHER EXPRESS OR IMPLIED, ARE DISCLAIMED TO THE MAXIMUM EXTENT ALLOWED BY LAW. THE INFORMATION IN THIS DOCUMENT IS SUBJECT TO CHANGE WITHOUT NOTICE.

Thank You!

end point nac

Documents